package com.et114.components.crossscript;
import javax.servlet.http.HttpServletRequest;


//@author guanhw for Corss Script 攻击
public class CSUtils {
	public static  String cleanXSS ( String value ) {
		value = value.replaceAll ( "<" , "& lt;" ).replaceAll ( ">" , "& gt;" );
		value = value.replaceAll ( "\\(" , "& #40;" ).replaceAll ( "\\)" ,"& #41;" );
		value = value.replaceAll ( "'" , "& #39;" );
		value = value.replaceAll ( "(?i)eval\\((.*)\\)" , "" );
		value = value.replaceAll ( "(?i)[\\\"\\\'][\\s]*javascript:(.*)[\\\"\\\']" , "\"\"" );
		value = value.replaceAll ( "(?i)script" , "" );
		
		value = value.replaceAll ( "(?i)iframe" , "" );
		return value;
	}
	

	
	public static  String tox ( String value ) {
		value = value.replaceAll ( "& lt;" , "<" ).replaceAll ( ">" , "& gt;" );
		value = value.replaceAll ( "& #40;" , "\\(" ).replaceAll ( "\\)" ,"& #41;" );
		value = value.replaceAll ( "& #39;" , "'" );
		return value;
	}	
	
	public static String [ ] getParameterValues ( String parameter , HttpServletRequest request ) {
		String [ ] values = request.getParameterValues ( parameter );
		if ( values == null ) {
			return null;
		}
		int count = values.length;
		String [ ] encodedValues = new String [ count ];
		for ( int i = 0 ; i < count ; i ++ ) {
			encodedValues [ i ] = CSUtils.cleanXSS ( values [ i ] );
		}
		return encodedValues;
	}
	
	public static String getParameter ( String parameter , HttpServletRequest request  ) {
		String value = request.getParameter ( parameter );
		if ( value == null ) {
			return null;
		}
		return CSUtils.cleanXSS ( value );
	}
	
	public static String getHeader ( String name , HttpServletRequest request ) {
		String value = request.getHeader ( name );
		if ( value == null )
			return null;
		return CSUtils.cleanXSS ( value );
	}	
	
	public static void main( String[] s ) {
		String vv = "$$20013;$$25991;" ; 
		vv = cleanXSS( vv  ) ;
		System.out.println ( vv ) ;
	}  
}
